x404.co.uk
http://www.x404.co.uk/forum/

PDF 0 - day Government Spy Assembler 0x29A Micro Backdoor
http://www.x404.co.uk/forum/viewtopic.php?f=19&t=18476

Author:  JJW009 [ Mon Mar 04, 2013 12:40 pm ]
Post subject:  PDF 0 - day Government Spy Assembler 0x29A Micro Backdoor

From here

Quote:
These malicious PDF files were rigged with exploits attacking Adobe Reader versions 9, 10 and 11, bypassing its sandbox


This is live now and actively being used for some incredibly cool spyware. There's a fairly detailed analysis of this complicated and carefully planned attack on the link.

    Mitigation and recommendations
    To protect against these attacks, we recommend that you:
    • Update Java to the latest version or simply remove it from the system if not used
    • Update Microsoft Windows and Office to the latest versions
    • Update Adobe Reader to the latest version
    • Block traffic to the following domains:
      arabooks.ch
      artas.org
      tsoftonline.com
      www.eamtm.com
      news.grouptumbler.com
    • Block traffic to the following IPs:
      200.63.46.23
      194.38.160.153
      95.128.72.24
      72.34.47.186
      188.40.99.143
      85.95.236.114
    • Install a security solution capable of detecting these threats such as Kaspersky Internet Security 2013 and scan all emails and received documents
    • Be wary of opening suspicious documents on your systems; instead, use another computer without an Internet connection, a VM, or upload the document to Google Docs for viewing
    In addition, infected PDFs contain the following string, which can be used as a quick way to find them:
    “@34fZ7E*p\”
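One way to put the quoted indicators to use on the defender's side, as an added example that is not part of this post or of the analysis it quotes: a small Python scanner that flags files containing the quoted marker string and picks the listed domains and IPs out of proxy-log text. The PDF bytes and log lines below are constructed for the demonstration, not real samples.

```python
"""Search raw file bytes and proxy-log text for the indicators listed above.

Added example; not code from the post or from the analysis it quotes.
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Set

# Marker string quoted in the post. The trailing backslash is part of the
# indicator, hence the escaped "\\" in the bytes literal.
PDF_MARKER = b"@34fZ7E*p\\"

# Domains and IPs from the post's mitigation list.
BLOCKED_DOMAINS = {
    "arabooks.ch", "artas.org", "tsoftonline.com",
    "www.eamtm.com", "news.grouptumbler.com",
}
BLOCKED_IPS = {
    "200.63.46.23", "194.38.160.153", "95.128.72.24",
    "72.34.47.186", "188.40.99.143", "85.95.236.114",
}

# Constructed sample inputs (not real files or logs).
SAMPLE_CLEAN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
SAMPLE_MARKED_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"% " + PDF_MARKER + b"\n%%EOF\n"
)
SAMPLE_PROXY_LOG = """\
2013-03-04T12:41:07Z 10.0.0.12 GET http://news.grouptumbler.com/ 200
2013-03-04T12:41:09Z 10.0.0.12 GET http://www.example.org/ 200
2013-03-04T12:42:30Z 10.0.0.44 CONNECT 200.63.46.23:443 200
2013-03-04T12:42:31Z 10.0.0.44 CONNECT 1200.63.46.23:443 200
"""


def has_marker(data: bytes) -> bool:
    """Return True if the raw bytes contain the marker.

    Raw bytes only: the same text inside a compressed (FlateDecode)
    stream object would not be found by this check.
    """
    return PDF_MARKER in data


def scan_files(paths: Iterable[Path]) -> List[Path]:
    """Return the readable paths whose contents contain the marker."""
    hits: List[Path] = []
    for path in paths:
        try:
            if has_marker(path.read_bytes()):
                hits.append(path)
        except OSError:
            continue  # unreadable entry: skip it, keep scanning
    return hits


def _whole_token(indicator: str) -> re.Pattern:
    # No hostname/IP character may touch the indicator on either side, so
    # "1200.63.46.23" does not match "200.63.46.23"; a subdomain such as
    # "x.artas.org" still matches "artas.org" because "." is a separator.
    return re.compile(r"(?<![\w-])" + re.escape(indicator) + r"(?![\w-])",
                      re.IGNORECASE)


def find_iocs(text: str) -> Dict[str, Set[str]]:
    """Return the blocked domains and IPs that occur in text as whole tokens."""
    return {
        "domains": {d for d in BLOCKED_DOMAINS if _whole_token(d).search(text)},
        "ips": {ip for ip in BLOCKED_IPS if _whole_token(ip).search(text)},
    }


def scan_samples() -> List[str]:
    """Write the two constructed PDFs to a temp dir and return the flagged names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean.pdf").write_bytes(SAMPLE_CLEAN_PDF)
        (root / "marked.pdf").write_bytes(SAMPLE_MARKED_PDF)
        return sorted(p.name for p in scan_files(root.glob("*.pdf")))


if __name__ == "__main__":
    print("flagged files:", scan_samples())
    print("indicators in log:", find_iocs(SAMPLE_PROXY_LOG))
```

The marker check is a plain byte search, which is exactly the "quick way to find them" the quote describes; it will not see the string if it sits inside a compressed stream object, so treat a miss as inconclusive rather than as a clean bill of health. The token-boundary matching in `find_iocs` is there so that a longer IP or hostname that merely contains one of the listed values is not reported as a hit.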

Author:  Amnesia10 [ Mon Mar 04, 2013 1:50 pm ]
Post subject:  Re: PDF 0 - day Government Spy Assembler 0x29A Micro Backdoor

Very handy being a Mac user. No Java installed at all. No Adobe Reader, as Preview can view PDFs.

Though I have Little Snitch installed and so will need to look at blocking those sites and links.

Author:  big_D [ Mon Mar 04, 2013 2:57 pm ]
Post subject:  Re: PDF 0 - day Government Spy Assembler 0x29A Micro Backdoor

Very handy being a Windows 8 user, no Acrobat Reader installed here... ;)

Don't be too cocky, there have been several aimed attacks at Macs in the last couple of weeks.

Author:  rustybucket [ Mon Mar 04, 2013 3:04 pm ]
Post subject:  Re: PDF 0 - day Government Spy Assembler 0x29A Micro Backdoor

Very handy being a Linux User - no Acrobat installed here ... :lol:

...

Author:  JJW009 [ Mon Mar 04, 2013 4:03 pm ]
Post subject:  Re: PDF 0 - day Government Spy Assembler 0x29A Micro Backdoor

I don't know enough about other PDF readers to know if they are safe or not. I guess it largely depends on whether they support JavaScript.

I've heard some very bad things about Foxit and there have been real attacks on it. For example:

http://www.zdnet.com/blog/security/foxi ... -wild/2996

Author:  Amnesia10 [ Mon Mar 04, 2013 5:38 pm ]
Post subject:  Re: PDF 0 - day Government Spy Assembler 0x29A Micro Backdoor

big_D wrote:
Very handy being a Windows 8 user, no Acrobat Reader installed here... ;)

Don't be too cocky, there have been several aimed attacks at Macs in the last couple of weeks.

I am fully aware of that. It is always best to be fully prepared.
